Platform
other
Component
raytha
Fixed in
1.4.6
CVE-2025-69238 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Raytha CMS. This vulnerability allows an attacker to trick authenticated users into unknowingly performing actions on the CMS, potentially leading to unauthorized data modification or deletion. The vulnerability impacts versions 0.0 through 1.4.6, and a fix is available in version 1.4.6.
The primary impact of this CSRF vulnerability is the potential for unauthorized actions to be performed on a Raytha CMS instance. An attacker could craft a malicious website that, when visited by an authenticated user, automatically sends a POST request to a vulnerable endpoint. This could result in the deletion of data, modification of user permissions, or other actions that compromise the integrity and confidentiality of the CMS and its associated data. The blast radius extends to any authenticated user of the CMS, making it a significant risk for organizations relying on Raytha CMS.
CVE-2025-69238 was publicly disclosed on 2026-03-16. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. Exploitation probability is considered low due to the lack of public PoCs, but the ease of CSRF exploitation means it remains a potential threat.
Organizations and individuals using Raytha CMS versions 0.0 through 1.4.6 are at risk. This includes websites and applications built on Raytha CMS, particularly those with sensitive data or critical functionality. Shared hosting environments using Raytha CMS are also at increased risk, as vulnerabilities in one user's installation could potentially impact others.
EPSS
0.02% (3rd percentile)
The recommended mitigation for CVE-2025-69238 is to immediately upgrade Raytha CMS to version 1.4.6 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as adding CSRF tokens to all sensitive endpoints. Web Application Firewalls (WAFs) configured to detect and block CSRF attacks can also provide a layer of protection. Regularly review CMS configurations to ensure proper access controls and security settings are in place.
Update Raytha CMS to version 1.4.6 or later. This version corrects the Cross-Site Request Forgery (CSRF) vulnerability by implementing token verification in the affected endpoints. The update prevents attackers from performing unauthorized actions on behalf of authenticated users.
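As an added illustration (not Raytha's own code), this is what "token verification in the affected endpoints" looks like in an ASP.NET Core MVC application; it assumes Raytha is built on ASP.NET Core, and the controller, action and route names are hypothetical.

```csharp
// Program.cs (ASP.NET Core, ImplicitUsings enabled). Assumption: the CMS is an
// ASP.NET Core MVC app; nothing here is taken from the Raytha code base.
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAntiforgery(options =>
{
    // Let fetch()/XHR callers send the token in a header instead of a form field.
    options.HeaderName = "X-CSRF-TOKEN";
    // The antiforgery cookie never needs to travel on cross-site requests.
    options.Cookie.SameSite = SameSiteMode.Strict;
});

// Global filter: every POST/PUT/PATCH/DELETE action must present a valid
// antiforgery token, so a forgotten attribute on one endpoint no longer
// reopens the hole. Actions can opt out explicitly with [IgnoreAntiforgeryToken].
builder.Services.AddControllersWithViews(options =>
    options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));

var app = builder.Build();
app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
app.Run();

// Before (hypothetical controller): a state-changing action that accepts any POST
// carrying the victim's session cookie, which is exactly what a CSRF page sends.
public class ContentItemsVulnerableController : Controller
{
    [HttpPost]
    public IActionResult Delete(Guid id)
    {
        // ... delete the content item ...
        return RedirectToAction("Index");
    }
}

// After: the request must also carry the antiforgery token that only a page
// served by this site can obtain. Redundant under the global filter above, but
// it documents intent on the endpoint itself.
public class ContentItemsController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Delete(Guid id)
    {
        // ... delete the content item ...
        return RedirectToAction("Index");
    }
}
```

In the Razor view, `<form asp-action="Delete" asp-route-id="@Model.Id" method="post">` emits the hidden `__RequestVerificationToken` field automatically; a request missing or mismatching it is rejected with 400 before the action runs.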
CVE-2025-69238 is a Cross-Site Request Forgery (CSRF) vulnerability in Raytha CMS versions 0.0 - 1.4.6, allowing attackers to perform actions as authenticated users.
Yes, if you are using Raytha CMS versions 0.0 through 1.4.6, you are potentially affected by this vulnerability.
Upgrade Raytha CMS to version 1.4.6 or later to resolve the vulnerability. Consider CSRF token implementation as a temporary workaround.
There are currently no confirmed reports of active exploitation, but the ease of CSRF exploitation means it remains a potential threat.
Please refer to the Raytha CMS official website or security advisories for the latest information and updates regarding CVE-2025-69238.